After analysing 5,855 Android apps that claim to comply with the Google Play Store’s Designed for Families (DFF) program, researchers found what’s best described as a privacy and surveillance mess.

40% were transmitting personal information “without applying reasonable security measures” (SSL/TLS encryption), while another 18.8% were sharing with third parties data that could be used to identify children and their devices for profiling.

Almost one in twenty were sharing personal data, such as email addresses and social media profiles, with third parties without consent. The long and short of this:

“Overall, roughly 57% of the 5,855 child-directed apps that we analyzed are potentially violating COPPA.”

The underlying problem appears to be the Wild West of third-party software development kits (SDKs), which have privacy-protecting settings turned off or ignored – even, in some cases, when the SDKs’ terms of service prohibit such a thing in apps designed for children.

A few months ago, this report might have attracted a few headlines and then been submerged by a tide of new stories and quickly forgotten. However, its publication only weeks after Facebook found itself hauled up for its privacy design means that’s unlikely to be the case.

“Protecting kids and families is a top priority, and our Designed for Families program requires developers to abide by specific requirements above and beyond our standard Google Play policies.

“We’re taking the researchers’ report very seriously and looking into their findings. If we determine that an app violates our policies, we will take action.”

Google, then, is going to look into the issue of app compliance with DFF and perhaps how this affects COPPA too.

The problem with this response is that it all sounds a bit like Facebook’s way of dealing with years of privacy complaints – kick the problem down the road but leave the model that caused it – self-regulation – untouched.